From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: New Microsoft Internet Explorer mshtml.dll Denial of Service? 

On Tue, 02 Sep 2003 11:23:09 PDT, morning_wood said:

> funny, i often see replies to my post long before i see my own post
> don't know why, doesn't always happen. But it is odd.
> Sometimes I wonder if the list is being siphoned for breaking sec info before
> the posts reach the subscribers.

Nothing that paranoid.  What probably happens is:

1) You post to the list.  It starts sending out to the subscribers.

2) One of the first 100 or so subscribers gets their copy and starts banging on
their keyboard like a rabid monkey, and uses whatever "wide" reply they have,
and hits 'send'.

3) The list processor is still chugging.

4) The direct copy of their reply hits your mailbox and the *in*bound side of the list.

5) The list finally coughs up your copy of the original posting.  This shows up after
the reply does.

6) Their reply runs the gauntlet, and is finally pushed out.  Your mail system does
proper duplicate suppression, so the list's copy of the reply goes poof....

Or at least, that's been my experience of the usual cause of order inversion, based on
almost 20 years of doing this stuff (you think it's bad here, you should have seen the
latencies on the old Bitnet network - it could be 15 or 20 store-and-forward hops
over 9600 and 56K links and each hop was often queued shortest-job-first.  So if you
had a several hundred K file, it could take DAYS to get from one end of the net to the
other.  It was not uncommon for a large flamefest to get started, go 15-20 messages
before the rest of the list even knew there WAS a flamefest...)